The privacy & security focused mobile HW has just been founded:
https://puri.sm/shop/librem-5/
As these projects share common ideology, it would be nice if...

Do chime in and discuss on github;
I guess there are advantages of using Matrix to Signal (can sb list what mainly?);
but would COMPATIBILITY of the riot (matrix) and (axolotl for signal) protocols be possible? That seems as the best of both worlds.

I doubt it. Moxie in the past has stated he isn’t interested in federating with other networks, including third-party instances of the Signal server. I think the best thing to hope for is a Librem 5-compatible Signal client.

signal is not perfect, could be better in my opinion but riot privacy policy is really awfull, they COLLECT alot of data, and it is not needed for the app funtionality, their base is in UK, i simply cannot trust them i see no much difference between them and whatsapp
open source =! privacy ofcourse have opensource applications is a must for privacy, but if an open system collect all this kind of data, is just a joke in a privacy area

in a privacy messagging app i could expect a privacy policy like that

we store:
mail and password for login (well protected with hashing) till you delete your account
used room (encrypted) till you delete your account
chat content (encrypted) till you delete the chat
ip address (encrypted) due to avoid abuse allowing one access per time, this will be automatically deleted when logout

we share no data with other companies and we all we can give to autority according to law is encrypted data

stop, all the other thigs are just rubbish i do not wanna see in online services

i’ve already asked in this forum about it and i got one reply from purism, where i’ve replied with the privacy policy link, then i got no more reply, i understand is not a purism issue but riot, that’s why i hope to have a choice for a messagging app with librem5

ip address (encrypted) due to avoid abuse allowing one access per time, this will be automatically deleted when logout

Government’s regulations usually impose much longer retention of data then “till you delete account/chat”. Therefore not collecting it in the first place is very important.userd room and chat content should be managed client side, not reside on servers.

I’ve skimmed over Riot’s and Singal’s privacy policy and I get the impression that Riot is like they are going to use the user data for making profit, whereas Signal is not.

Privacy claims Ring is a Free Software project. Its main purpose is to provide a distributed communication system which respects users' confidentiality by not having any centralized servers. Ring uses distributed hash tables for establishing...

OUT OF DATE -- FOR ARCHIVAL PURPOSES ONLYThis is version 1.0 of our scorecard; it is out of date, and is preserved here for purely historical reasons. Please visit Surveillance Self-Defense if you're looking for recommendations on specific tools to...

They say they are working on an update, but the status is the same for a few months now. Optimistically, that means the update will be out soon.

I’m the project lead for Matrix (and Riot) and can categorically state we are not using user data for profit on Riot, and never will. The Riot privacy policy is indeed too heavy and scary atm but it boils down to “we collect information required to actually power communication; we don’t allow illegality or abuse; we keep the option to use analytics to see what features of Riot people use and so how to focus our dev effort”, which seems pretty reasonable to me. It also applies only to the default matrix dot org homeserver; if you use a different one (eg a hypothetical Purism one) then it can have whatever privacy policy it likes. More info over at About matrix and riot.

Personally, I rate the freedom to select and trust your preferred service provider as high as the need for privacy, which is why Matrix exists (rather than just using Signal). But OWS release a Signal app for the Librem5 you are of course welcome to use it. (Whereas with Matrix you are not beholden to OWS choosing to release an app for the platform).

You are right about the (not-)federation, so we should just make sure SignalDesktop runs on PureOS

I do not think this is enough. I am using Signal as a Chromium-plugin. It has to be associated via a QR-code with a phone using the Android or iOS app to be used. I assume the same is true for the Desktop App, so some further hacking is needed for a comfortable solution (you might install Signal for Android on Anbox on a GNU/Linux system, but this would be quite some effort just to use Signal on your phone).

I’d also really like to see Signal on the Librem 5. Signal may have its flaws (as in “it is not perfect”), but its the most privacy aware and secure messenger that you can even make your parents/less computer literate friends install and communicate with them. I do not see this level of security, privacy and ease of use with other applications so far. And in the end you also want to use your phone for communication.

While I appreciate the effort put in the matrix/riot project, at the moment, I see it as quite a different application. It’s fairly easy to set up on your own server, however encryption in Riot is still in a testing phase (imho it shouldn’t even allow for unencrypted anything in the first place) and it relies heavily on storing data/messages on the/a server. Signal, on the other hand, tries to store as little as possible on the server. The downside of course is a non universally accessible history.
All in all I see matrix/riot as a nice replacement for discord/irc and anything targeting multi-user chats, but less as an one-on-one instant messenger/sms replacement.

Hello Community,
TL;DR most of my colleagues and family are finally using Signal. They will definitely not want to switch again to another IM (such as Matrix). But I believe Signal integration with the Librem 5 is possible.
Side question for Purism team: is a partnership with OpenWhisper envisioned?
I managed to get most of my family and colleagues on Signal. I understand that Purism wants to push its user towards Matrix as they have partnered up.
For most of my not-tech-savvy-at-all contac…

I I might find some time to spend into it soon, although it would not go as initially planned. A first version could be written in Java, using as much code as possible provided by Open Whisper Systems and/or the Signal Foundation. A better version could come later in C or C++.

I appreciate the incentive, but I think should be backed by OWS somehow. At least having their okay would be nice, as they were not really endorsing any third party applications in the past.

I definitely agree with you. I tried to reach them on Twitter and on their (unofficial) community forums. Several people tried to reach Moxie through Github issues. Moxie has a lot to skim through, and quickly closed the issue as he thought PureOS was yet another Android ROM.

I believe the best to do in the meantime is:

Use as much Signal code as possible and as little extra code as possible to stay as close as we can to the client they intended to write

Explicitly mention that this client is not supported in any way by Signal

This should be enough to start peaceful discussions regarding how we someone/me can work together without causing them issues

Be assured that if I could have stood out of all the noise around them before having them noticing an existing client, I would have!

EDIT: clarified that this is a project of my own and does not involve Purism responsibility

Conversations is FLOSS, but based on the Android framework. So as soon as the device will be Anbox-enabled, Conversations will also work. However, it might be easier to adapt Gajim (which supports OMEMO) to be usable on the Librem 5.

I mean if you’re really paranoid about privacy there’s other Linux messengers out there that are totally zero-access encrypted and decentralized. Check out some at Prism Break. I just don’t use them because:

A: Decentralization is good for privacy, bad for convenience/usability (no offline messaging, etc… you’re essentially going back to the days of simple IRC).

But Wire is basically the good of encryption and all, without decentralization, so I favored that a bit.

B: Nobody else I know uses them.

B is really the main issue. Nobody uses them, and what’s the sense in having it if nobody uses them? If I have a buddy I’m trying to keep top-secret shit with, it’s great since we’ll both use it and know what we’re doing. But since I don’t have any such thing going on… yeah, these things ain’t the most useful.

And this is why even though I’m a security/privacy nut, I still have a Windows computer and still have Skype & Discord… sigh… someitmes it seems to keep secure and private, you have to just not have any social life. And trust me, I’m damn close, but I ain’t totally ground-zero with it at least.

I think the next big step for these applications is to get enough people using them that using them starts to make sense. I know it’s kind-of a self-dependent problem though, that first big influx of users is needed.